There is a perception amongst security professionals that the true scale of information security incidents is unknown due to under-reporting. This potentially leads to an absence of sufficient empirical incident report data to enable informed risk assessment and risk management judgements. As a result, there is a real possibility that decisions related to resourcing and expenditure may be focused only on what is believed to be occurring, based on those incidents that are reported. There is also an apparent shortage of research into the subject of information security incident reporting.

This research examines whether this assumption is valid and the potential reasons for such under-reporting. It also examines the viability of re-using research into incident reporting conducted elsewhere, for example in the healthcare sector. Following a review of the existing research on security-related incident reporting, together with incident reporting in general, a scoping study using a group of information security professionals from a range of business sectors was undertaken. This identified a strong belief that security incidents were significantly under-reported and that research from other sectors had the potential to be applied across sectors. A concept framework was developed, on which was built the proposal that incident reporting could be improved through the identification of Critical Success Factors (CSFs). A Delphi study was conducted across two rounds to seek consensus from information security professionals on those CSFs.

The thesis confirms the concerns that there is under-reporting and identifies, through a Delphi study of information security professionals, a set of CSFs required to improve security incident reporting. An Incident Reporting Maturity Model (IRMM) was subsequently designed as a method for assisting organisations in judging their position against these factors, and was tested using the same Delphi participants as well as a control group. The thesis demonstrates a contribution to research through the rigorous testing of the applicability of incident reporting research from other sectors to support the identification of solutions to improve reporting in the information security sector. It also provides a practical novel approach that combines the CSFs and the IRMM, allowing organisations to judge where their level of maturity sits against each of the four CSFs and make changes to strategy and process accordingly.

Vulnerabilities within software are the fundamental issue that provides both the means and the opportunity for malicious threat actors to compromise critical IT systems (Younis et al., 2016). Consequently, the reduction of vulnerabilities within software should be of paramount importance; however, it is argued that software development practitioners have historically failed to reduce the risks associated with software vulnerabilities. This failure is illustrated by the growth of software vulnerabilities over the past 20 years. This increase, which is both unprecedented and unwelcome, has led to an acknowledgement that novel and radical approaches are needed both to understand the vulnerability discovery and disclosure system (VDDS) and to mitigate the risks associated with software vulnerabilities (Bradbury, 2015; Marconato et al., 2012).

The findings from this research show that whilst technological mitigations are vital, the social and economic features of the VDDS are of critical importance. For example, hitherto unknown systemic themes identified by this research are key and include: Perception of Punishment; Vendor Interactions; Disclosure Stance; Ethical Considerations; Economic Factors for Discovery and Disclosure; and Emergence of New Vulnerability Markets. Each theme uniquely impacts the system and, ultimately, the scale of vulnerability-based risk. Within the research, each theme within the VDDS is represented by several key variables which interact and shape the system, specifically: Vendor Sentiment; Vulnerability Removal Rate; Time to Fix; Market Share; Participants within the VDDS; Full and Coordinated Disclosure Ratio; and Participant Activity. Each variable is quantified and explored, defining both its parameter space and its progression over time. These variables are used within a system dynamics model to simulate differing policy strategies and assess the impact of those policies upon the VDDS. Three simulated vulnerability disclosure futures are hypothesised and presented, characterised as depletion, steady and exponential, with each scenario dependent upon the parameter space of the key variables.

One of the main goals of the smart grid is to create a decentralized, consumer-controlled power system which can increase efficiency and reliability and reduce the cost of energy. One way to achieve this goal is to introduce Distributed Energy Resources (DER) into the smart grid. DER devices are small-scale power generation units which can provide energy according to consumer demand. DER systems are interconnected with many other systems in the smart grid; the major ones are microgrids, the distribution system and the synchrophasor system. This project discusses security issues, countermeasures and research issues in DER and the systems interconnected with it. It covers proper data handling practices for maintaining confidentiality, integrity, availability and accountability. In conclusion, this project helps to evaluate security and possible best practices for energy-efficient solutions associated with systems interconnected with DER.
Advisors/Committee Members: Ghansah, Isaac.

Cyber-attacks present significant challenges to a modern, globalised world. As they are progressively used by criminal and terrorist organisations to attack or victimise non-state actors, governments are increasingly forced to pursue cyber-security strategies to ensure the security of their citizens and private sectors. An examination of New Zealand's response to the threat of cyber-attacks shows that successive governments have taken steps to enhance New Zealand's domestic cyber-security capacity and international cyber-security partnerships. These steps have been highly contentious where they have resulted in greater domestic surveillance capabilities. Despite this, New Zealand has enacted significant oversight mechanisms that provide reassurance that the New Zealand Government is mindful of the delicate steps it must take to maintain an appropriate balance between privacy and security.
Advisors/Committee Members: Bukh, Alex.

Gordon, R. (2014). Privacy, Security and the Cyber Dilemma: An Examination of New Zealand’s Response to the Rising Threat of Cyber-attack. (Masters Thesis). Victoria University of Wellington. Retrieved from http://hdl.handle.net/10063/3565

In the information age, the growing availability of both technology and exploit kits has continuously contributed to a large volume of websites being compromised or set up with malicious intent. Drive-by-download attacks make up a high percentage (77%) of the known attacks against client systems. These attacks originate from malicious or compromised web servers and attack client systems by pushing malware upon interaction. Within the detection and intelligence-gathering area of research, high-interaction honeypot approaches have been a long-standing and well-established technology. These are, however, not without challenges: analysing the entirety of the world wide web using these approaches is unviable due to their time and resource intensiveness. Furthermore, the volume of data generated by a run-time analysis of the interaction between a website and an analysis environment is huge, varied and not well understood. The volume of malicious servers, in addition to the large datasets created by run-time analysis, are contributing factors in the difficulty of analysing and verifying actual malicious behaviour. The work in this thesis attempts to overcome the difficulties in the analysis of log files in order to optimise the detection of malicious and anomalous behaviour. The main contribution of this work is focused on reducing the volume of data generated from run-time analysis, thereby reducing the impact of noise within behavioural log file datasets. This thesis proposes an alternative, expert-led approach to filtering benign behaviour from potentially malicious and unknown behaviour. Expert-led filtering is designed in a risk-averse manner that takes into account known benign and expected behaviours before filtering the log file. Moreover, the approach relies upon behavioural investigation, as well as the potential for system compromise, before filtering out behaviour within dynamic analysis log files.

Consequently, this results in a significantly lower volume of data that can be analysed in greater detail. The proposed filtering approach has been implemented and tested in a real-world context using a prudent experimental framework. An average reduction of 96.96% in log file size has been achieved, which is transferable to behaviour analysis environments. The other contributions of this work include an understanding of observable operating system interactions. Within the study of behaviour analysis environments, it was concluded that run-time analysis environments are sensitive to application and operating system versions. Understanding key changes in operating system behaviour within Windows is an unexplored area of research, yet Windows is currently one of the most popular client operating systems. As part of understanding system behaviours for the creation of behavioural filters, this study undertakes a number of experiments to identify the key behaviour differences between operating systems. The results show that there are significant changes in core processes…
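The abstract describes risk-averse, expert-led filtering of dynamic-analysis logs but shows no filter. The following is an added example, not the thesis's implementation, of that idea as detection logic run over a constructed run-time log: an expert-supplied allow-list of known-benign (process, operation, target) behaviours is applied, but a separate list of sensitive operations (persistence keys, writes under the Windows directory, executables dropped in or launched from a Temp directory) always wins, so even a deliberately broad allow rule cannot hide a compromise, and anything matching neither list is kept as unknown. The log format, process names, rules and events are all assumptions.

```python
"""Expert-led benign-behaviour filter for dynamic-analysis logs (added example).

The log format (pid|process|operation|target), the allow-list and the
sensitive-operation list are assumptions for illustration.
"""
from collections import namedtuple
from fnmatch import fnmatchcase

Event = namedtuple("Event", "pid process op target")

# Constructed run-time log of a browser visiting a drive-by-download page.
SAMPLE_LOG = [
    r"1234|iexplore.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
    r"1234|iexplore.exe|FileRead|C:\Windows\System32\shell32.dll",
    r"1234|iexplore.exe|FileRead|C:\Windows\System32\wininet.dll",
    r"1234|iexplore.exe|FileWrite|C:\Users\analyst\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat",
    r"876|svchost.exe|RegQueryValue|HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain",
    r"876|svchost.exe|FileRead|C:\Windows\System32\ntdll.dll",
    r"876|svchost.exe|FileRead|C:\Windows\System32\kernel32.dll",
    r"1234|iexplore.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Internet Explorer\Version",
    r"1234|iexplore.exe|FileWrite|C:\Users\analyst\AppData\Local\Temp\a3f9.exe",
    r"1234|iexplore.exe|ProcessCreate|C:\Users\analyst\AppData\Local\Temp\a3f9.exe",
    r"4410|a3f9.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"4410|a3f9.exe|FileWrite|C:\Windows\System32\drivers\etc\hosts",
]

# Expert-supplied, known-benign behaviours: (process, operation, target glob).
BENIGN_RULES = [
    ("iexplore.exe", "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\*"),
    ("iexplore.exe", "FileRead", r"C:\Windows\System32\*.dll"),
    ("iexplore.exe", "FileWrite", r"C:\Users\*\AppData\Local\*"),   # deliberately broad
    ("svchost.exe", "RegQueryValue", r"HKLM\SYSTEM\CurrentControlSet\*"),
    ("svchost.exe", "FileRead", r"C:\Windows\System32\*.dll"),
]

# Behaviours with compromise potential: never filtered, even if an allow rule matches.
SENSITIVE_RULES = [
    ("RegSetValue", r"*\CurrentVersion\Run*"),   # persistence
    ("FileWrite", r"C:\Windows\*"),              # system directory tampering
    ("FileWrite", r"*\Temp\*.exe"),              # dropped executable
    ("ProcessCreate", r"*\Temp\*"),              # execution from a temp directory
]


def parse(line):
    pid, process, op, target = line.split("|", 3)
    return Event(int(pid), process, op, target)


def _match(target, glob):
    # Windows paths and registry keys are case-insensitive; compare lower-cased.
    return fnmatchcase(target.lower(), glob.lower())


def is_sensitive(ev):
    return any(ev.op == op and _match(ev.target, glob) for op, glob in SENSITIVE_RULES)


def is_known_benign(ev):
    return any(ev.process == proc and ev.op == op and _match(ev.target, glob)
               for proc, op, glob in BENIGN_RULES)


def filter_log(lines):
    """Return (kept events, percentage reduction). Unknown behaviour is always kept."""
    events = [parse(line) for line in lines]
    kept = [ev for ev in events if is_sensitive(ev) or not is_known_benign(ev)]
    reduction = 100.0 * (len(events) - len(kept)) / len(events) if events else 0.0
    return kept, reduction


if __name__ == "__main__":
    kept, reduction = filter_log(SAMPLE_LOG)
    print(f"{len(SAMPLE_LOG)} events -> {len(kept)} kept ({reduction:.2f}% reduction)")
    for ev in kept:
        print(f"  {ev.process:14s} {ev.op:14s} {ev.target}")
```

On the constructed log the eight library loads, registry reads and cache writes are dropped and the four events that make up the drop-and-persist chain survive, including the Temp executable write that the broad browser allow rule would otherwise have matched.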

Cyber-Physical Systems (CPS) is a term describing a broad range of complex, multi-disciplinary, physically-aware next-generation engineered systems that integrate embedded computing technologies (the cyber part) into the physical world. CPS are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components [2]. Generally speaking, they are sensor-based, communication-enabled autonomous systems; wireless sensor networks for environmental control, smart grid systems and industrial robotics systems are good examples of CPS. With the exponential growth of CPS, new security challenges have emerged: various vulnerabilities, threats and attacks have been identified for the new generation of CPS. Additionally, the heterogeneity of CPS components and the diversity of CPS have made it very difficult to study the security problem with one generalized model. This thesis focuses on the development of effective deterministic and stochastic mathematical programming approaches to protect CPS against a wide range of cyber attacks. The primary goal of this work is to orchestrate an optimization methodology based on a game-theoretic framework to protect CPS and to evaluate its results using a simulation model and a real-world testbed. To establish that the game-theoretic framework yields optimized performance, three other heuristic approaches (Greedy, Greedy-LP and Random) are formulated and their results compared with the outcome of the game theory approach. The game-theoretic model was further extended to include a stochastic number of signals and stochastic effectiveness; a two-stage stochastic model was formulated and the results compared. Further investigations included simulation of a real-world system, coded in MATLAB Simulink to emulate a real-world CPS.

As a final step in this thesis, a real-life CPS testbed was constructed with functioning cyber and physical components, and the results from the different approaches studied were tested and compared. It was found that the two-stage stochastic programming (two-SSP) model gives the most optimized result for protecting CPS.
Advisors/Committee Members: Novoa, Clara (advisor), Guirguis, Mina (committee member), Perez, Eduardo (committee member).

Cyber physical systems, such as control systems, use general purpose computation to govern the behavior of physical systems in the manufacturing, transportation, and energy sectors. These systems are increasingly vulnerable to software-based exploits that have physical consequences. In modern control systems, Programmable Logic Controllers (PLCs) drive the physical machinery in a plant according to control logic programs. For ease of modification, control logic is uploaded to the PLC from the local network, the Internet, or another external network, making PLCs vulnerable to malicious code injection. PLCs are unique within the control system in that they form the last step of computation between the computer and the physical infrastructure. If they are compromised by an adversary, the entire physical system will be under malicious control. If they can be regulated by defenders, then adversarial influence over any other part of the system is nullified. In short, whoever owns the PLC owns the critical infrastructure.

In this work, we look at a novel approach to both attacking and securing automated cyber physical control systems: specification-based attacks and defenses. The vast body of existing work in computer security focuses on protecting information. In a control system, on the other hand, the most critical asset is not information but the physical machinery, processes, and personnel, whose safety must be guaranteed. Due to the sheer complexity of modern information processing systems, it is impossible to completely secure the computer and network perimeters of automated control systems. Thus, instead of trying to harden perimeter security, we aim at directly regulating the physical behavior of the control system through behavioral specifications.

This dissertation covers three different systems that demonstrate specification-based attacks and defenses. The attack, called SABOT, allows adversaries to attack control systems knowing only their physical behavior. SABOT takes the adversary's idea of how the victim physical system works and automatically instantiates it into runnable PLC code that executes the desired attack measures. The second system is a Trusted Safety Verifier (TSV). TSV prevents any malicious code from being uploaded to PLCs by performing a novel analysis technique on the PLC code to determine whether it violates any engineer-supplied safety properties. Finally, we consider a Controller Controller (C2). C2 monitors the commands sent from PLCs to physical machinery to block any malicious device usage. C2 is the most minimal of all these security mechanisms, as even if the PLC is fully compromised, the security guarantees will still hold. These works are built on early experiences in directed penetration testing of smart electric meters, which found vulnerabilities based on the adversarial goals they achieved. Throughout, the case will be made that specification-based control of physical system behavior is a promising approach for securing control systems in modern…
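TSV, as the abstract describes it, checks PLC code against engineer-supplied safety properties before upload. The following is an added example, not the dissertation's TSV, of the same idea at toy scale: a scan-cycle interpreter for a handful of instruction-list style boolean operations (LD, LDN, AND, ANDN, OR, ORN, ST), a bounded exhaustive search over all sensor combinations and reachable memory states for a fixed number of scans, and two engineer-supplied properties for a tank (inlet and outlet valves never open together; heater never on when the level-low sensor is active). The second program is a constructed SABOT-style attack that latches a memory bit the first time the tank is full and misbehaves only on a later scan, which is why checking a single scan is not enough. The plant, instruction set, programs and properties are all assumptions.

```python
"""Bounded safety verification of toy PLC logic (added example, not TSV itself).

Instruction set, plant model, programs and properties are assumptions.
"""
import itertools


def run_scan(program, inputs, memory):
    """Execute one scan cycle; ST writes are visible to later reads in the same scan."""
    state = {**memory, **inputs}
    acc = False
    for op, name in program:
        val = state[name]
        if op == "LD":
            acc = val
        elif op == "LDN":
            acc = not val
        elif op == "AND":
            acc = acc and val
        elif op == "ANDN":
            acc = acc and not val
        elif op == "OR":
            acc = acc or val
        elif op == "ORN":
            acc = acc or not val
        elif op == "ST":
            state[name] = acc
        else:
            raise ValueError(f"unknown instruction {op}")
    return {name: state[name] for name in memory}


def verify(program, input_names, memory_names, properties, assumption, depth):
    """Breadth-first search over reachable memory states for `depth` scans.

    Returns None if every property holds after every reachable scan, otherwise
    the violated property and the input sequence that reaches the violation.
    """
    init = tuple(False for _ in memory_names)
    frontier = [(init, [])]
    seen = {init}
    for _ in range(depth):
        next_frontier = []
        for mem_tuple, trace in frontier:
            memory = dict(zip(memory_names, mem_tuple))
            for bits in itertools.product([False, True], repeat=len(input_names)):
                inputs = dict(zip(input_names, bits))
                if not assumption(inputs):      # skip physically impossible sensor combinations
                    continue
                new_mem = run_scan(program, inputs, memory)
                for pname, holds in properties:
                    if not holds(inputs, new_mem):
                        return {"violated": pname, "trace": trace + [inputs]}
                key = tuple(new_mem[n] for n in memory_names)
                if key not in seen:
                    seen.add(key)
                    next_frontier.append((key, trace + [inputs]))
        frontier = next_frontier
    return None


# Tank plant (assumed): two level sensors in, one internal bit and three actuators out.
INPUTS = ["level_low", "level_high"]
MEMORY = ["armed", "outlet_valve", "inlet_valve", "heater"]
PROPERTIES = [
    ("no_both_valves", lambda i, m: not (m["inlet_valve"] and m["outlet_valve"])),
    ("heater_needs_water", lambda i, m: not (m["heater"] and i["level_low"])),
]


def plant_assumption(i):
    return not (i["level_low"] and i["level_high"])   # cannot be empty and full at once


SAFE_PROGRAM = [
    ("LD", "level_high"), ("ST", "outlet_valve"),
    ("LDN", "level_high"), ("ST", "inlet_valve"),
    ("LDN", "level_low"), ("ANDN", "inlet_valve"), ("ST", "heater"),
]

# Constructed attack: remember that the tank was once full, then hold the outlet
# open while refilling, so both valves are open on the scan after level_high drops.
ATTACK_PROGRAM = [
    ("LD", "armed"), ("OR", "level_high"), ("ST", "armed"),
    ("LD", "level_high"), ("OR", "armed"), ("ST", "outlet_valve"),
    ("LDN", "level_high"), ("ST", "inlet_valve"),
    ("LDN", "level_low"), ("ANDN", "inlet_valve"), ("ST", "heater"),
]


def check(program, depth=4):
    return verify(program, INPUTS, MEMORY, PROPERTIES, plant_assumption, depth)


if __name__ == "__main__":
    print("safe program:  ", check(SAFE_PROGRAM))
    print("attack program:", check(ATTACK_PROGRAM))
```

The safe program passes at any depth; the attack passes a one-scan check and is caught at depth two with the counterexample "tank full, then not full", which is exactly the trace an engineer would want returned instead of a bare rejection. Real TSV-style checkers work symbolically over far larger state spaces, but the shape is the same: enumerate reachable controller states under a plant model and test the engineer's invariants on each.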

A steganographic method was developed based on the temporal redundancies present in digital video streams; these redundancies are exploited by the H.264 encoding standard to reduce the bandwidth requirements of a digital video stream while maintaining content quality. The temporal redundancies are used to steganographically embed unique binary data within the digital video stream. This results in a unique embedding strategy within each video stream, while also making use of areas that reduce the potential data loss experienced during the H.264 encoding process. The effectiveness of the developed steganographic method is measured using the common steganographic metrics of Payload Capacity, Embedded Data Robustness and Media Impact. The results illustrate that compensating for mutative factors in the embedding process using temporal redundancies results in a more robust method of data embedding within digital video encoded using H.264.

Despite being renowned as an exceptionally safety-conscious industry, aviation has been slow to address the cybersecurity threat. A critical point has been reached whereby systems which were designed many years ago are in wide use but lack meaningful security measures. Meanwhile, it has become easy to acquire and use tools which enable potential attackers to listen to, and even tamper with, these systems. Like many safety-critical industries, aviation lacks the ability to rapidly redeploy systems. This creates a situation where known-vulnerable systems must be kept and, even worse, heavily relied upon. The work in this thesis focuses on two topics: analysis of a well-established and heavily used general-purpose avionic communication system, and a first look at a method to analyse and prepare for attacks made possible by a lack of security measures on avionics. For the former, we focus on the Aircraft Communications Addressing and Reporting System (ACARS). We show that it has very few deployed security solutions, and that in the instances where such solutions have been used they are weak. As a consequence, we demonstrate the impact of the lack of meaningful confidentiality protection for non-commercial aviation actors: military, government and business aircraft. We show that even when efforts are made to protect privacy elsewhere, they stand a significant chance of leaking data via normal ACARS usage. Moving to the cockpit, the second topic begins to address one of the current unknowns in the area of aviation cybersecurity: how attacks on avionic systems might affect the way the aircraft is flown. For this, we used a flight simulator to create the cockpit-based effects of attacks on three important systems. Using these, we created scenarios in which the aircraft was under attack and invited 30 Airbus A320 pilots to take part.

Whilst the current state of security and privacy in aviation is far from ideal, we believe that methods to provide security in the near and long term are achievable. Privacy in the near term is somewhat harder, but steps towards it in the longer term are underway.

With the rapid evolution of the Apple iPhone and the high rate of cybercrime, it seems impossible to keep up with the ever-changing security features the iPhone provides and how safe user data is. Currently, the iPhone 8 Plus is at its peak; therefore, it is important to understand what happens to data on the device before and after a factory reset. To analyze this data, the mobile forensic toolkits Cellebrite UFED Physical Analyzer and MSAB XRY are used. The aim of this study is to test two iPhone 8 Plus devices using the mentioned software to answer research questions determining what information can be viewed before and after a factory reset is performed, and to compare the results from the two toolkits.

A Smart Grid is a digitally enabled electric power grid that integrates the computation and communication technologies of the cyber world with the sensors and actuators of the physical world. Due to the system complexity, in particular the tight coupling of the communication and power systems, the Smart Grid introduces new and fundamentally different security vulnerabilities and risks. In this work, two important research aspects of the cyber-physical security of the Smart Grid are addressed: (i) the construction, impact and countermeasures of data integrity attacks; and (ii) the design and implementation of a general cyber-physical security experiment platform. For data integrity attacks: based on the system model of the state estimation process in the Smart Grid, a data integrity attack model is first formulated, such that attackers can generate financial benefits from real-time electricity market operations. Then, to reduce the knowledge of the targeted power system required to launch attacks, an online attack approach is proposed, such that the attacker is able to construct the desired attacks without the network information of the power system. Furthermore, a network information attacking strategy is proposed, in which the most vulnerable meters can be directly identified and the desired measurement perturbations achieved by strategically manipulating the network information. Besides the attacking strategies, corresponding countermeasures based on the sparsity of attack vectors and on a robust state estimator are provided respectively. For the experiment platform: ScorePlus, a software-hardware hybrid and federated experiment environment for the Smart Grid, is presented.

ScorePlus incorporates both a software emulator and a hardware testbed that follow the same architecture, so that the same Smart Grid application program can be tested on either without modification; ScorePlus provides a federated environment such that multiple software emulators and hardware testbeds at different locations are able to connect and form a unified Smart Grid system; and the ScorePlus software is encapsulated as a resource plugin in the OpenStack cloud computing platform, so that it supports massive deployments with large-scale test cases in cloud infrastructure.
Advisors/Committee Members: Wenzhan Song, Xiaolin Hu, Zhipeng Cai, Michael Stewart.
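The data integrity attacks in the abstract above are built on the state estimation model, and one countermeasure is stated in terms of attack-vector sparsity and which meters are protected. The following added example, not the thesis's own formulation, works through the standard DC state estimation setting on a constructed three-bus system: the least-squares estimate x̂ = (HᵀH)⁻¹Hᵀz, residual-based bad data detection, a naive single-meter perturbation that the detector catches, a coordinated injection a = Hc that shifts the estimate by c while leaving the residual untouched, and a check of whether a chosen set of protected (unalterable) meters removes every such undetectable vector. The network matrix, true state, noise vector and threshold are assumptions.

```python
"""False data injection against DC state estimation (added example).

The three-bus DC network, true state, meter noise and threshold are constructed.
"""
import math


def transpose(A):
    return [list(col) for col in zip(*A)]


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]


def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]


def inv2(M):
    (a, b), (c, d) = M
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]


def estimate(H, z):
    """Least-squares state estimate and measurement residual for a 2-state system."""
    Ht = transpose(H)
    gain = matmul(inv2(matmul(Ht, H)), Ht)      # (H^T H)^-1 H^T
    x_hat = matvec(gain, z)
    residual = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    return x_hat, residual


def bad_data_detected(residual, tau=0.01):
    """Chi-square style test reduced to a fixed threshold on the residual norm."""
    return math.sqrt(sum(r * r for r in residual)) > tau


def rank(A, eps=1e-9):
    """Row rank by Gaussian elimination (small dense matrices only)."""
    M = [row[:] for row in A]
    r = 0
    for col in range(len(M[0]) if M else 0):
        pivot = next((i for i in range(r, len(M)) if abs(M[i][col]) > eps), None)
        if pivot is None:
            continue
        M[r], M[pivot] = M[pivot], M[r]
        for i in range(len(M)):
            if i != r:
                f = M[i][col] / M[r][col]
                M[i] = [a - f * b for a, b in zip(M[i], M[r])]
        r += 1
    return r


def stealthy_attack_possible(H, protected):
    """A non-zero c with (Hc)_protected = 0 exists iff the protected rows do not span the state space."""
    Hp = [H[i] for i in protected]
    return rank(Hp) < len(H[0])


# Constructed 3-bus DC model, bus 1 as reference, all line susceptances 1.
# States: (theta2, theta3). Meters: flows P12, P13, P23 and the bus-2 injection P2.
H = [[-1, 0], [0, -1], [1, -1], [2, -1]]
X_TRUE = [-0.1, -0.2]
NOISE = [0.001, -0.002, 0.0015, 0.0005]   # constructed meter noise


def demo():
    z = [h + n for h, n in zip(matvec(H, X_TRUE), NOISE)]
    x_hat, r = estimate(H, z)

    # Naive attack: bump one meter. The residual grows and the detector fires.
    z_naive = [z[0] + 0.05] + z[1:]
    _, r_naive = estimate(H, z_naive)

    # Coordinated attack a = Hc: every meter is altered consistently with the
    # false state x + c, so the residual is identical to the clean case.
    c = [0.05, 0.0]
    z_att = [zi + ai for zi, ai in zip(z, matvec(H, c))]
    x_att, r_att = estimate(H, z_att)
    return {
        "clean_detected": bad_data_detected(r),
        "naive_detected": bad_data_detected(r_naive),
        "stealthy_detected": bad_data_detected(r_att),
        "state_shift": [a - b for a, b in zip(x_att, x_hat)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18s} {value}")
    print("stealthy attack possible, protecting P12 only:   ", stealthy_attack_possible(H, [0]))
    print("stealthy attack possible, protecting P12 and P13:", stealthy_attack_possible(H, [0, 1]))
```

The coordinated injection shifts the estimate by exactly c and is invisible to the residual test, which is the classical result the abstract builds on; it assumes the attacker knows H, which is the network information the abstract's online approach sets out to do without. Protecting a set of meters whose rows of H span the state space (here any two independent meters) leaves no non-zero c with zeros on every protected meter, which is the reasoning behind the sparsity-based countermeasure.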

This thesis investigates, and contributes to, the use of wargaming in cybersecurity education. Wargaming has a rich history of pedagogic use, but little work exists that addresses the critically important subject of cybersecurity. Cybersecurity is a global problem that frequently makes news headlines, yet the field is dogged by a reputation as a domain only for technologists, when in fact cybersecurity requires a whole gamut of approaches to be properly understood. The thesis is broadly divided into three parts. The first part is a comprehensive literature review of wargaming scholarship, analysing the benefits and drawbacks of wargaming, and some of the justifications for why a tabletop boardgame may be more effective than a game enhanced by technology. Following on from this, the thesis provides an outline of current work in cyber wargaming by analysing existing games, evaluating their contributions as educational tools, and identifying successful game mechanics and components. The second part of the thesis outlines the design process of an original wargame created for cybersecurity education and awareness training. The analysis outlines what the game design intends to achieve in terms of pedagogical outcomes and how the design evolved through the development process. In this part some methodological considerations around the research are also analysed, including how the thesis uses grounded theory and ethnography as academic underpinnings, and issues around the researcher's positionality during fieldwork. The final part of the thesis reports on the deployment of the original game to a wide variety of organisations. Both quantitative and qualitative data are analysed to ascertain what players learned from playing the game, and the effectiveness of the game is evaluated by comparing it to previous theoretical findings. Finally, the researcher's experiences of conducting the thesis are evaluated with close reference to the identified methodological considerations.

Research on China’s strategy of cyber sovereignty to date has been inadequate, conceiving of the blueprint as a domestic Party censorship and surveillance mechanism, effectively minimising its foreign policy significance. Additionally, existing understandings have privileged the Western sovereignty paradigm, whose tenets have not been updated to reflect the impact of media and communication on today’s cross-bordered world.

This interdisciplinary thesis challenges the prevailing narratives. It probes China’s power strategy of cyber sovereignty, arguing that it is not only a state-of-the-art experiment in regulating digital flows of information within China, but also a significant Party power strategy in facilitating their bold ambition to become a leader in global cyberspace. It makes the case that cyber sovereignty is an entirely new form of sovereign power, one that has harnessed the tools of the digital revolution in cutting-edge ways, forcing a rethinking of the classical mould of sovereignty. It offers an analytical redescription of this prototype of sovereignty, and the thesis contributes to the literature by offering an original interpretation of this form of power by illustrating its complex dynamics and paradoxical features.

The thesis summarises the emergence of the concept of cyber sovereignty, identifying the theoretical and analytical cleavages in the literature. It also introduces the features of this new model of power, and establishes Hong Kong’s significance as a laboratory for cyber sovereignty. The thesis then conducts a pointed vivisection of the historical and contemporary literature on sovereignty, before delineating the re-envisioned model of cyber sovereignty. And lastly, the thesis positions Hong Kong as simultaneously the greatest expression of, yet challenge to, China’s strategy of cyber sovereignty.

Drawing from field research interviews, this interpretivist thesis peels back the blanketed layers, sedimented histories, and theoretical ideologies that intersect, diverge, and shroud understanding of this new modality of power. The thesis offers a prism through which to observe the political dynamics of the contemporary Chinese polity, now emerging as a global power, to more fully grasp the implications of cyber sovereignty in the international order.

Participation in cyberspace is of key importance for large organisations (and the functioning of our society), but to participate responsibly a comprehensive cyber approach is needed. Cyberspace is a dynamic and complex environment due to its hyper-connectedness, and therefore such an approach should aim for cyber resilience to cope with this complexity. Standards can form good inspiration for the creation of a cyber approach. However, due to the differences between traditional information security and cybersecurity, the standards do not cover the cyber domain completely. At this moment there is a knowledge gap on (1) what elements a cyber approach for large organisations should cover and (2) what role standards can play in such an approach. Furthermore, aiming at resilience is not (yet) common practice. This research therefore has as its main goal:
To design a cyber framework that helps large organisations to develop a cyber approach.
An analysis of the cybersecurity landscape has shown that a diverse set of actors create, in a garbage can-like model, a diverse set of standards with different aims and scopes. Six standards are further analysed, resulting in elements of standards that are important for a cyber approach (requirements for the cyber framework). The analysis further shows that the main standards are still mostly based on traditional information security and do not yet (all) cover the main aspects of cyber and/or resilience. Semi-structured interviews have resulted in the identification of five issues that need to be dealt with when dealing with cybersecurity: (1) parties in cyberspace are highly dependent on each other, (2) the dynamics of cyber are larger compared to traditional information security, (3) the assets to protect are constantly getting more diverse, (4) incidents in cyberspace can have huge consequences in the physical world and (5) the general level of cyber resilience is rather low. These issues form requirements for the cyber framework.
Based on literature research, the analysis of the standards landscape and the conducted interviews, design principles for a cyber approach are formulated. The design principles have two roles: (1) they serve as input for designing a cyber approach, helping to deal with design dilemmas, and (2) they are requirements for a cyber framework, because it needs to be compatible with these design principles. Based on the requirements, a cyber framework has been designed with Hevner’s design science methodology. The framework covers three dimensions: (1) cyber governance, providing the goal/mission of the organisation and the boundary conditions for and evaluation of the other dimensions, and (2) risk management, covering the long-term risk balance with a cycle of assessing risk, control and monitoring. These two are completed with (3) situational awareness, providing incident detection (monitoring), short-term response and recovery, completed with the monitoring of (strategic) developments in the environment. With the addition of situational awareness the framework…
Advisors/Committee Members: Van Den Berg, J., Hulstijn, J., Van Gelder Gelder, P. H. A. J. M., Bulder, E.

The dominant academic and practitioners' perspective on security revolves around law-abiding referent objects of security who are under attack by law-breaking threat agents. This study turns the current perspective around and presents a new security paradigm. Suspects of crime have threat agents as well, and are therefore in need of security. The study takes cyber criminals as referent objects of security, and researches their technical computer security practices. While their protective practices are not necessarily deemed criminal by law, the security policies and mechanisms of cyber criminals frequently deviate from prescribed bona fide cybersecurity standards. As such, this study is the first to present a full picture of these deviant security practices, based on unique access to public and confidential secondary data related to some of the world's most serious and organized cyber criminals. Besides describing the protection of crime and the criminal, the observed practices are explained by the economics of deviant security: a combination of technical computer security principles and microeconomic theory. The new security paradigm lets us realize that cyber criminals have many countermeasures at their disposal in the preparation, pre-activity, activity and post-activity phases of their modi operandi. Their controls are not only driven by technical innovations, but also by cultural, economic, legal and political dimensions on a micro, meso and macro level. Deviant security is very much democratized, and indeed one of the prime causes of today's efficiency and effectiveness crisis in police investigations. Yet every modus operandi comes with all kinds of minor, major and even unavoidable weaknesses, and therefore suggestions are made as to how police investigations can exploit these vulnerabilities and promote human security as a public good for all citizens.
Ultimately, the findings of this socio-technical-legal project prove that deviant security is an academic field of study on its own with continually evolving research opportunities.

The aim of this research is to explore the relationship between online privacy and cybersecurity. With the birth of the internet and the recent revolution in technology, people have taken to the internet by storm, to do their online shopping and to connect to friends via social media. Online privacy has become a great concern to many, while attitudes on security are still maturing. This thesis is based on a quantitative research methodology. The first part of the report looks into the definitions of privacy and cybersecurity and also the relationship between these two terms. The second part of the research incorporates the findings of a survey that was conducted as part of the thesis. The research found that while people are consciously trying to improve their online privacy, they seem to be subconsciously lowering the barriers on their privacy.

Analysis of the main causes why there is not a comprehensive global response to cyber threats. Analysis focuses on state interactions in the UN and CoE.
Advisors/Committee Members: Chalmers, Dr. A.W (advisor), Hosli, Prof.dr. M.O (advisor).

Pakalniškis, S. (2012). What factors explain why there is not a common and comprehensive global response to cyber threats?. (Masters Thesis). Leiden University. Retrieved from http://hdl.handle.net/1887/19509

On secure networks, even sophisticated cyber hackers must perform multiple steps to implement attacks on sensitive data and critical servers hidden behind layers of firewalls. Therefore, there is a need to study these attacks at a higher, multi-stage level. Traditional taxonomy of cyber attacks focuses on analyzing the final stage and overall effects of an attack, but not the characteristics of an attack's movement or 'trajectory' on a network.
This work proposes to investigate trajectory similarities between multi-stage attacks, allowing for the characterization of both a hacker's behavior and vulnerable attack paths within a network.
Currently, Intrusion Detection Systems (IDS) report alerts to a network analyst when a malicious activity is suspected to have occurred on a network. Previous work in this field has used IDS alerts as evidence of multi-stage attacks, and has thus been able to group correlated alerts into cyber attack tracks.
The main contribution of this work is to use a revised Longest Common Subsequence (LCS) algorithm to analyze attack tracks as trajectories. This allows a systematic analysis to determine which alert attributes within a track are of great value to the characterization of multi-stage attacks.
The basic LCS algorithm, which looks for the longest common subsequence in two strings of data, is extended to support the non-uniformity of alert data using a time windowing system.
In addition, a normalization method is applied to ensure that the attack track similarity measure is not adversely affected by differences in attack track length. By applying the revised LCS algorithm, attack trajectories defined in terms of various IDS alert attributes are analyzed. The results provide strong indicators of how multidimensional cyber attack trajectories can be used to differentiate attack tracks.
Advisors/Committee Members: Shanchieh Jay Yang, Andres Kwasinski, Dhireesha Kudithipudi.

Cyber attacks nowadays are increasingly being reported. Defenders need a good understanding of the attacker’s perspective in order to accurately anticipate threats and effectively mitigate attacks. This understanding can be obtained through sharing attack patterns. However, in existing research the consideration of information sharing is not integrated into the attack pattern concept. In this paper, we propose an attack pattern ontology as a common language for information sharing; the goal is to demonstrate how this ontology may effectively support cybersecurity information sharing. Based on the existing theories about attack patterns, we developed an ontological model to present attack information. The research can be further developed to integrate an attacker profile ontology with the attack pattern ontology, which enables more systematic analysis of cyber attacks.
Advisors/Committee Members: Janssen, M.F.W.H.A, Pieters, W., Oey, M.A., Hadžiosmanović, D.

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as increasing terrorist activities, put the power system at great risk of attacks from both the cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them.
To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which is the basis for the development of defense strategies. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attacks are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model individual and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporate both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed, considering attacks on the current-carrying elements as well as attacks on the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy.
Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specifically, a robustness-oriented power grid operation strategy is proposed, considering random element failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attacker-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal.
Advisors/Committee Members: Lingfeng Wang.

Information security is of vital importance to organizations. Breaches in security very often stem from behaviors of the system operator. Cyber misbehaviors on the part of employees can have devastating repercussions on the well-being of an organization. Up to now, research has mainly focused on how to protect information systems from outside attack, and only recently have researchers turned to the part the operator plays in keeping the systems safe. The present study investigated some individual differences that may play a role in people’s cyber behavior. The purpose of the study was to determine if locus of control was related to an individual’s perception of cyber risk and likelihood of engaging in cyber misbehaviors. Internal locus of control was found to be associated with higher perception of cyber risk, and higher cyber risk perception was found to lead to fewer cyber misbehaviors. The trait sensation seeking was also explored, but no firm conclusions could be drawn from those results. Gaining an understanding of some of the differences between individuals that make some more likely to commit cyber misbehaviors – as well as the dynamics behind these relationships – should be greatly beneficial in helping develop deterrents to cyber misbehavior and keeping information systems safer.

Johnson, K. (2018). Better Safe than Sorry: The Relationship Between Locus of Control, Perception of Risk, and Cyber Misbehaviors. (Thesis). University of South Florida. Retrieved from https://scholarcommons.usf.edu/etd/7630


Cyber-physical security describes the protection of systems with close relationships between computational functions and physical ones, and addresses the issue of vulnerability to attack through both cyber and physical avenues. This describes systems in a wide variety of functions, many crucial to the functioning of modern society, making their security of paramount importance. The development of secure system design and attack detection strategies for each potential avenue of attack is needed to combat malicious attacks. This thesis provides an overview of the approaches to securing different aspects of cyber-physical systems. The cyber element can be designed to better prevent unauthorized entry and to be more robust to attack, while its use is evaluated for signs of ongoing intrusion. Nodes in sensor networks can be evaluated by their claims to determine the likelihood of their honesty. Control systems can be designed to be robust in cases of the failure of one component and to detect signal insertion or replay attacks. Through the application of these strategies, the safety and continued function of cyber-physical systems can be improved.

This thesis analyses the different securitisations of cyberspace by the Digital Rights Community (DRC) and the British state. It considers both the internal and external characteristics of these securitisations, covering the power relations between a variety of securitising actors and their audiences and the use of language and metaphor to construct cyberspace threats. It considers the consequences of these securitisations, paying particular attention to the interplay between threats to national security and threats to digital rights, which are often framed as competitive and mutually exclusive. After considering the competitive nature of these securitisations, this work frames the conflict as a security dilemma, which has resulted in a spiralling legal, public relations and technological conflict between the British state and the DRC. This has led to distrust, enmity, an inability to co-operate and a sub-optimal outcome for both national security and digital rights. The characteristics of this CyberSecurity Dilemma (CSD) are analysed to help understand why it has arisen, why it has become so intense and why it is proving difficult to mitigate or transcend. Fear, uncertainty and a failure to appreciate the concerns of the other side are established as the most significant causes of the conflict. This thesis draws on historical examples, theoretical material and examples from the television show Hunted, where the researcher was both performer and ethnographer. Techniques to help resolve the CSD are discussed, with attention paid to the need for trust building, interpersonal bonding and security dilemma sensibility. Current and historical attempts to resolve the issue are analysed for their effectiveness, and a range of principles are proposed to help guide future approaches to the issue. These include the need to establish trust, work in collaboration with others, reject extreme rhetoric and raise the quality of the debate.

Hersee, S. (2019). The cyber security dilemma and the securitisation of cyberspace. (Doctoral Dissertation). Royal Holloway, University of London. Retrieved from https://pure.royalholloway.ac.uk/portal/en/publications/the-cyber-security-dilemma-and-the-securitisation-of-cyberspace(dcf65dd5-c75d-40ce-8994-6da979eaa1e7).html ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792904

Cyber crime is a new and emerging area of concern for technology professionals, business leaders, and heads of government. This research takes a look at the individuals behind these crimes in order to develop a profile and determine emerging trends. Classical sociological theory is detailed and its applicability to modern cyber crime is explained. Interviews were conducted with five professionals in the field in order to gain a wide range of differing experiences and emerging trends. The most important cyber crime laws in the United States Code were broken down into their elements and explained in a way that technology and business professionals without a legal background can understand. Seven case studies were then conducted to find the facts of the crime, the statutes which were violated, the outcome, and analysis. The research concludes with a final analysis section which outlines the findings of this research.
Advisors/Committee Members: Border, Charles, Johnson, Daryl, Algoe, Tom.

The main justification of e-government systems is to offer public services conveniently and continuously over open and distributed networks. The security and reliability of information connected over distributed networks offering convenience to stakeholders is vital not only in the private sector but also in the public sector. The main aim of the study was to establish what factors affect cybersecurity in the public service in Kenya, specifically National Government Ministries in Kenya. This study employed a descriptive research design. The target respondents for this study comprised Information Communication Technology (ICT) Officers in the Ministries and Internal Auditors involved in the review of Information Systems. The study collected primary data as the preferred source of research data with the help of structured questionnaires. This study concludes that the factors affecting cybersecurity in the National Government Ministries in Kenya are principally divided into external motivations for cyber attacks and internal organizational system vulnerabilities. The key external motivations for cyber attacks are i) systems sabotage and exploitation of systems’ weaknesses, ii) business rivalry systems exploitation for illegal competitive strategy insights, and iii) systems attacks due to ideological differences. The internal organizational factors affecting cybersecurity were identified as i) lack of management support in the implementation of and adherence to cybersecurity strategy and standards, and ii) employees’ systems exploitation for personal gain. Lack of management support in the implementation of cybersecurity is a major contributor to poor cybersecurity in the Public Service. The sustained efforts for the adoption of e-government across ministries' service delivery should also propagate sustainable cybersecurity mechanisms in the strategies’ development and adoption. Management needs to comprehend the impact of cyber attacks on Ministries' service delivery.
Cybersecurity issues need to be championed even to the political class, so as to positively influence funds apportionment and drive adherence to the cybersecurity strategy. There is also a need to address the ethical aspect of employees working in the ministries’ information systems in view of their involvement in systems sabotage and exploitation of the systems for financial gain.

The research presented in this thesis covers two specific problems within the larger domain of cyber-physical algorithms for enhancing collaboration between one or more people. The two specific problems are 1) determining when people are going to arrive late to a meeting and 2) creating ad-hoc secure pairing protocols for short-range communication. The domain was broken down at opposite extremes in order to derive these problems to work on: 1) collaborations that are planned long in advance and deviations from the plan need to be detected and 2) collaborations that are not planned and need to be dynamically created and secured. Empirical results show the functionality and performance of user late arrival detection for planned collaborations and end-user authentication protocols for unplanned collaborations.
Advisors/Committee Members: White, Christopher J. (committeechair), Reed, Jeffrey Hugh (committee member), Martin, Thomas L. (committee member).

Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, and targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc., the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet's journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques.
Specifically, the design and implementation of two novel honeypot approaches: i) Deception Inside Credential Engine (DICE), which uses policy and honeytokens to identify adversaries returning from different origins, and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.

The growing penetration of distributed energy resources (DERs), together with communication and computer processing technologies, is a driver in changing the paradigm of power system operation and control. The provision of services by DERs requires coordination among many agents, and at many different levels. One strategy has been to segment existing power systems into microgrids (MG), which include controllable loads and DERs operated under a single entity. Since MGs cover a smaller footprint and utilize new control approaches, they are emerging as an important strategy to advance the resiliency of modern electric power systems. However, the increasing connectivity of devices for monitoring and control of MGs also serves to increase the attack surface for a malicious cyber actor. This thesis presents two contributions to this problem. The first is an explicit characterization of the cyber threats that a MG control system, using the IEC 61850 standard as its communication architecture, can be susceptible to. Power system applications can be formally verified through the use of object models, common data classes, and message classes. The IEC 61850-7-420 DER extension further defines object classes for assets such as types of DERs, DER unit controllers, and other DER-associated devices (e.g., inverters). These object classes describe asset-specific attributes such as state of charge, capacity limits, and ramp rate. Attributes can be fixed (rated capacity of the device), dynamic (state of charge), or binary (on or off, dispatched or off-line, operational or fault state). An ontology based on the 61850 and 61850-7-420 DER object classes is developed to model threats against a MG. This thesis considers threats against the measurements on which the control loop is based, as well as attacks against the control directives and the communication infrastructure.
The ontology is used to build a threat model using the ADversary VIew Security Evaluation (ADVISE) framework, which enables identification of attack paths based on adversary objectives (for example, destabilize the entire MG by reconnecting to the utility without synchronization) and helps identify defender strategies. The second contribution is the development of a control and mitigation method for DER integration. A robust decentralized secondary frequency control design for islanded MGs is developed to enable resilient coordination and integration of DERs. We cast the control problem centrally under steady state and adopt the feedback-based Alternating Direction Method of Multipliers (ADMM) algorithm for solving the decentralized control updates. The ADMM algorithm uses measurements at various points in the system to solve for control signals. Measurements and control commands are sent over communication networks such as the Ethernet-based local area networks in the IEC 61850 standard. To enhance robustness to cyber intrusions, we modify the ADMM algorithm using the Round-Robin technique to detect malicious control signals on and from DERs. As a complementary…
Advisors/Committee Members: Zhu, Hao (advisor).

The smooth operation of the power grid is based on effective Wide Area Monitoring and Control (WAMC) systems, which are supposed to provide reliable and secure communication of data. Due to the complexity of the system and the inaccuracy of modeling, uncertainty is unavoidable in such systems. It is therefore of great interest to characterize and quantify the uncertainty properly, which is significant to the functionality of the power grid.
Trust, as a subjective and expressive concept connoting one party's (the trustor's) reliance on and belief in the performance of another party (the trustee), is modeled to help administrators (trustors) of WAMC systems evaluate the trustworthiness of data sources (trustees), which is essentially a measurement of uncertainty of this system. Both evidence based methods and data based methods are developed to evaluate trustworthiness and describe uncertainty respectively.
By modeling both aleatory and epistemic uncertainty with subjective logic and probability distributions respectively, a framework quantifying uncertainty is proposed. Quantification of the uncertainties can greatly help the system administrators to select the most fitting security implementation to achieve both security and QoS with a certain confidence. Based on the quantification framework, an adaptive security mechanism is prototyped, which can adjust the security scheme online according to dynamic requirements and environmental changes, to make the best ongoing trade-off between security assurance and QoS.
Advisors/Committee Members: Hauser, Carl H (advisor).

[No author]. (2016). Quantifying the effects of uncertainty to manage cyber-security risk and enable adaptivity in power grid wide area monitoring and control applications. (Thesis). Washington State University. Retrieved from http://hdl.handle.net/2376/12120